Synopsis - In years past, there was a common misperception that Advanced Persistent
Threat (APT) was just a problem for governments and government contractors. In 2011,
there were many high-profile security breaches that were influential in
affecting this misperception. Organizations of different sizes and focus areas
face the threat of operationally sophisticated, targeted attacks to their
computer networks. These attacks are amongst the greatest challenges facing
network security professionals and researchers alike. To meet this challenge,
IBM X-Force thinks it is important to consider new perspectives and approaches
to network hardening, breach detection and incident response. One needs to
think beyond thinking like an attacker and see it as the game that it is. We
have been on the forefront of understanding these threats and this talk will
provide updated information from IBM X-Force on this threat and the mindset required
to meet the APT challenge.

Synopsis: As the world becomes more digitised and
interconnected, more doors are being opened to emerging threats and leaks.
Security needs to be made a top concern, from the boardroom down. A report
published by Verizon on Business Data Breaches in 2011, found that 48% of total
data breaches were caused by insiders and 48% of breaches involved a misuse of
an insider’s privileges. All organisations, no matter the size or industry,
need to put security first, allowing for the analysis of people, data,
applications and infrastructure to be carried out easily and intelligently and
providing instant information and visibility into business risks.

Synopsis: Enterprises want to fully capitalise on
the business value of mobility but still have significant concerns about the
security implications. To address these
challenges, mobile security needs to be viewed and understood holistically from
securing the device and the data on the device to secure access to enterprise
systems and application security. In
this session we will highlight the spectrum of requirements that Mobile
Security covers, describe how some organisations have gotten started and
introduce the concept of mobile security intelligence. Given the innate dynamic nature of mobility,
an intelligent, adaptable mobile security solution is required to provide an
enterprise with the necessary visibility, and control in managing threats and
risks without degrading user experience.

Synopsis - As the nature of the threat to business
changes it is important that companies review their position with regard to
security and particularly how mature their detection and prevention
capabilities are. This session looks at
some of the technology that can be used for Infrastructure protection and how
this might be integrated with other systems and data sources to provide a more
optimised solution. We will discuss the
way that a company can move from a basic security position, through proficient
and finally to optimised, giving the capability to be pre-emptive with
protection and use Security Intelligence and Analytics to provide better
protection and thus stay ahead of the threat.

Workshop Title: Application Security Hacking 101

Speaker:
John Smith - IBM Application Security Specialist

Synopsis: Despite a decreased share of the
vulnerability disclosures in 2011 (X-Force Trends and Risks report, 2011), Web Application
vulnerabilities still represent the single largest category of issues. This
session will examine some of the common types of attacks and show how they work
and how to defend against them.

Synopsis: In
a hyper-connected era can we ever achieve strong security? The answer is yes,
but it requires some fundamental changes in how information and events are
aggregated from the enterprise. The very strengths of these interconnected
networks — their speed and openness, the easy access anywhere on the globe —
also create a myriad of vulnerabilities. This session focuses on how you can
enhance the levels of security intelligence and visibility provided by your
existing security infrastructure, by leveraging the benefits of Security
focused Cloud Based Data Analytics and protection technologies, in an efficient
manner.

We will also have a smoothie bar on the stand (F40), so if you are attending, why not
come along to the stand and grab a FREE refreshing fruit drink! You will also
get the chance to talk one on one with our many experts – perhaps getting a
demo of our latest products/solutions, use our Touchscope technology to browse
key IBM Security pieces of collateral, or check out our Tweetwally, which will
show all the twitter conversations during the day.

To join in our Twitter activity on the day – please
use #infosec12 with #IBM. You can
follow me @RSwindell, or our main
security account @IBMSecurity.

One of the experts – Vijay Dheap (@dheap) –
recently shared his views with me on what he saw as the main topics of
conversation at the event, with many organisations needing to address
the speed of mobile adoption in the workplace, what their options are and how
to get started. He added that the most mature organizations have one or more
solutions deployed and are trying to be more proactive in designing their security
posture – of course all of which our IBM experts at the event would be able to
help with.

Vijay also has a blog that I am sure you would find
interesting - http://ow.ly/aj7Z9

If you are not attending the event, but keen to
speak to IBM about their sessions, then please email me at rebecca.swindell@uk.ibm.com and I will be happy to send the decks to you,
and put you in touch with one of our experts!

We also have Pulse Comes To You on 30th May at The
Grange, Tower Hill – where our customers & prospects can learn more about
the entire Security Systems and Tivoli division. Registration is now open at - http://ow.ly/aiP1C

The final day of Infosec has now finished and what a fantastic event it has been. We had a total of NINE excellent sessions and many, many great conversations with attendees wanting to know more about IBM's wide range of security solutions. We also made two new security product announcements at the show – for more details go to the press room on the IBM website here - http://ibm.co/Ii9Nfm

We had one session in the technical theatre today, given by Robert Freeman on the IBM X-Force cyber security threat landscape. The session was very well attended, with over ninety people in the room as well as it being live streamed into the conference hall. Robert began the talk by explaining the IBM X-Force team's mission, giving some great stats around the analysis they do. For more information on this and to download the report etc. please see below.

Robert then explained how IBM viewed 2011 as the year of the security breach. He gave examples of notable security breaches during the last twelve months, including some of the high profile ones we have all seen in the national press. These included SQL injection attacks against web servers, URL tampering, shell command injection attacks, SSH brute force activity, and phishing based malware distribution and click fraud - which is back up to where it was in early 2008.

As had been mentioned in other IBM sessions, Robert spoke about the decline seen in web app vulnerabilities - a decline of 8% from 2011 and the lowest it's been since 2005. He also talked about how there are now much better patching policies due to pressure from the public at large and he predicted there will be continued investment in this.

Robert closed the session by talking about the security challenges in the emerging areas of cloud and mobile. Smartphones and tablets are ever increasingly being brought into the workplace and attackers are finally warming to the opportunities these devices represent. Unfortunately 3rd party apps can lack secure permission coding etc., leaving them vulnerable to attacks. He finished by talking about some of the high profile cloud breaches which are affecting known organisations and large numbers of customers. Good Cloud security requires cloud appropriate workloads, a flexible provider and effective due defence on the part of the customer.

If anyone is interested in learning more about IBM's many security solutions, then please register for our Pulse Comes to You event in London on the 30th May here - http://ibm.co/JgmnZD

If you can't attend the event then follow me on @Rswindell or @IBMPulse, as I will be posting updates throughout the day. I will also be blogging here both pre and post the event.

Please follow @IBMSecurity for more information specifically on our security events, news, collateral and more.

If you attended the event, I hope you enjoyed it as much as I did.
See you next year!!

It was great to be back at Infosec, with a very colourful IBM booth, that clearly stands out from the crowd! We had four sessions during the day, and below are the key points that I thought were raised.

Our first session was given by Robert Freeman, Manager of X-Force Advance Research Strategy, on The Advanced Persistent Threat in 2012, who opened by talking to the audience about the role of the X-Force team at IBM. He spoke about how 2011 was the year of the security breach, and went into some specific, well known examples that made it into the news during the year. Robert then talked to the audience about who is actually attacking our networks - attacker types and techniques based on the X-Force research, be it off the shelf versus sophisticated attacks, broad versus targeted, financially motivated, state sponsored, or all out cyber war!

Robert used the analogy that in the past it was dumpster diving - looking through someone's trash - and now it's breaking into a computer network and attacking. Attackers are now more and more stealthy and stay as long as possible. Web browsers and their plug-ins continue to be the largest category of client side vulnerabilities. He said that unfortunately there are no perfect detection methods, but every detection is a win. He also urged the audience to not just put the fire out and go back to work; if it has gone too quiet then you are missing attacks.

The next IBM session was given by Steve Durkin, who joins IBM from our recent acquisition of Q1 Labs, and whose session was titled “providing your business, total security intelligence”. Steve Durkin opened the session by talking about Security Information and Event Management, or SIEM for short! He wanted the audience to understand that SIEM leads to actionable and comprehensive insight into their security infrastructure. He also took the audience through the industry examples of attacks on businesses we have all seen in the press during the last few years. Steve spoke about the four domains or pillars that IBM see as forming comprehensive IT Security – People, Data, Applications and Infrastructure - if you have got all four areas covered you've cracked it. He then explained that Q1 Labs products should be seen as the glue that holds all of these together. Steve urged that internal threats are just as dangerous as external ones. He wanted the audience to ask themselves if they have taken the best steps to protect against these.

Steve then took the audience through some Q1 case studies – such as the work they did at Chevron Oil (you can find out more about this on the Q1 website). He talked about how the Q1 Labs product can help pull all information together and analyse it, to show you where the vital attacks are taking place, what's being hit and the impact it will have. He gave a few more product examples and suggested that if the audience were interested they should start small and add functionality using normal software updates; the products are simple and quick to deploy, on one pane of glass.

Vijay Dheap was next up for IBM, and talked to the audience about Securing Mobile Devices in the Enterprise. He gave some very interesting stats, such as in 2011 sales of smart phones surpassed that of PCs, soon they will dwarf the sales of PCs, by 2015 40% of Enterprise devices will be mobile devices (an IBM projection) and 50% of all apps send device information or personal details. Social norms are now different - mobile devices are used in way more locations, mobile devices are shared more often, and user experience is prioritised. He continued by talking about how apps now push the boundaries of collaboration, but unfortunately leave you open to attacks. He urged the audience to have visibility of what mobile devices are connected to their corporate network and be reactive, be responsive, and be transparent. Vijay explained that lost devices are still top of CSO worries; they want to know things such as how to selectively wipe the device centrally and how to be 100% compliant. Vijay finished by speaking about the various Mobile Device Management products and services IBM have – all of which you can find out more about on the IBM website.

Our final session of the day was given by Simon Smith who presented on Infrastructure Protection - Towards an Optimised Security Position. He talked about how IBM is keen to usher in a new era of security intelligence. He then took the audience through what he saw as the different stages companies are at when it comes to IT Security, asking the audience to share where they thought they were in the journey. He first discussed what “basic” security looks like: point solutions, stand alone products & deployments, different solutions for every problem, block and prevent attacks, and analysis is mostly manual & reactive.

Simon then looked at what would constitute “proficient” security – such as further data feeds, introducing decision making based on knowledge of assets, greater investigative capability, still large amounts of manual involvement, and analysis and investigation that is largely manual.

He then looked at the final stage, “optimised security”, where there is enriched data and increased information such as from:

- Asset database
- Vulnerability assessment tools
- Server logs
- App logs
- Security logs

This is combined with correlation and analytics, alerts based on predefined rules and information, auto analysis and assessment reports and alerts. Simon closed by saying there are no absolutes, no scoring systems, you should look at where we are and your aspirations.

Simon mentioned that there will be new product announcements tomorrow morning, so be sure to follow me @RSwindell and @IBMSecurity to find out what they are!